"""
Copyright (c) 2022 Huawei Technologies Co.,Ltd.

openGauss is licensed under Mulan PSL v2.
You can use this software according to the terms and conditions of the Mulan PSL v2.
You may obtain a copy of Mulan PSL v2 at:

          http://license.coscl.org.cn/MulanPSL2

THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
See the Mulan PSL v2 for more details.
"""
"""
Case Type   : 防篡改
Case Name   : 创建sysadmin用户验证普通表权限组合的情况下，功能正常
Create At   : 2022/3/14
Owner       : @daiguatutu
Description :
    1.设置参数并重启数据库enableseparationofduty=on
    2.创建普通用户,切换到普通用户创建表
    3.创建sysadmin用户
    4.sysadmin用户连接,对表进行增删改查清空操作
    5.清理环境
Expect      :
    1.成功
    2.成功
    3.成功
    4.对表操作失败
    5.清理环境成功
History     :
"""

import os
import unittest

from testcase.utils.Common import Common
from testcase.utils.CommonSH import CommonSH
from testcase.utils.Constant import Constant
from testcase.utils.Logger import Logger
from yat.test import macro


class Security(unittest.TestCase):
    def setUp(self):
        self.log = Logger()
        self.log.info(f'-----{os.path.basename(__file__)} start-----')
        self.pri_sh = CommonSH('PrimaryDbUser')
        self.constant = Constant()
        self.common = Common()
        self.u_name = 'u_security_combineprivilege_0009'
        self.u_name_01 = 'u_security_combineprivilege_0009_01'
        self.r_name = 'r_security_combineprivilege_0009'
        self.t_name = 't_security_combineprivilege_0009'
        self.default_value1 = self.common.show_param('enableSeparationOfDuty')

    def test_security(self):
        text = '-----step1：设置参数并重启数据库enableSeparationOfDuty=on; ' \
               'expect:成功-----'
        self.log.info(text)
        mod_msg = self.pri_sh.execute_gsguc('set',
                                            self.constant.GSGUC_SUCCESS_MSG,
                                            'enableSeparationOfDuty=on')
        self.assertTrue(mod_msg, '执行失败:' + text)
        result = self.pri_sh.restart_db_cluster()
        self.assertTrue(result, '执行失败' + text)

        text = '-----step2：创建普通用户,切换到普通用户创建表 expect:成功-----'
        self.log.info(text)
        create_cmd = f"drop user if exists {self.u_name} cascade; " \
            f"create user {self.u_name} password '{macro.COMMON_PASSWD}';" \
            f"set role {self.u_name} password '{macro.COMMON_PASSWD}';" \
            f"drop table if exists {self.u_name}.{self.t_name};" \
            f"create table {self.u_name}.{self.t_name}" \
            f"(id int primary key,name varchar(100));" \
            f"reset role;"
        msg = self.pri_sh.execut_db_sql(create_cmd)
        self.log.info(msg)
        self.assertIn(self.constant.DROP_ROLE_SUCCESS_MSG, msg,
                      '执行失败:' + text)
        self.assertIn(self.constant.CREATE_ROLE_SUCCESS_MSG, msg,
                      '执行失败:' + text)
        self.assertIn(self.constant.SET_SUCCESS_MSG, msg, '执行失败:' + text)
        self.assertIn(self.constant.CREATE_TABLE_SUCCESS, msg,
                      '执行失败:' + text)

        text = '-----step3：创建sysadmin用户 expect:成功-----'
        self.log.info(text)
        create_cmd = f"drop user if exists {self.u_name_01} cascade; " \
            f"create user {self.u_name_01} sysadmin password " \
            f"'{macro.COMMON_PASSWD}';"
        msg = self.pri_sh.execut_db_sql(create_cmd)
        self.log.info(msg)
        self.assertIn(self.constant.DROP_ROLE_SUCCESS_MSG, msg,
                      '执行失败:' + text)
        self.assertIn(self.constant.CREATE_ROLE_SUCCESS_MSG, msg,
                      '执行失败:' + text)

        text = '-----step4：sysadmin用户连接,对表进行增删改查清空操作; expect:对表操作失败-----'
        self.log.info(text)
        sql_cmd = f"insert into {self.u_name}.{self.t_name} " \
            f"values(1,'beijing'),(2,'shanghai');" \
            f"select * from {self.u_name}.{self.t_name};" \
            f"update {self.u_name}.{self.t_name} set name='shanxi' " \
            f"where id=2;" \
            f"delete from {self.u_name}.{self.t_name} where id=2;" \
            f"truncate table {self.u_name}.{self.t_name};"
        connect = f'-U {self.u_name_01} -W {macro.COMMON_PASSWD}'
        msg = self.pri_sh.execut_db_sql(sql_cmd, sql_type=connect)
        self.log.info(msg)
        self.assertEqual(5, msg.count(
            f'permission denied for schema {self.u_name}'), '执行失败:' + text)

    def tearDown(self):
        self.log.info('-----step5：清理环境-----')
        text1 = '-----删除用户 expect:成功-----'
        self.log.info(text1)
        drop_cmd = f"drop user if exists {self.u_name}," \
            f"{self.u_name_01} cascade;"
        drop_msg = self.pri_sh.execut_db_sql(drop_cmd)
        self.log.info(drop_msg)

        text2 = '-----修改参数enableSeparationOfDuty为初始值 expect:成功-----'
        self.log.info(text2)
        mod_msg1 = self.pri_sh.execute_gsguc('set',
                                             self.constant.GSGUC_SUCCESS_MSG,
                                             f'enableSeparationOfDuty='
                                             f'{self.default_value1}')
        restart_res = self.pri_sh.restart_db_cluster()

        self.log.info('-----断言tearDown执行成功-----')
        self.assertIn(self.constant.DROP_ROLE_SUCCESS_MSG, drop_msg,
                      '执行失败:' + text1)
        self.assertTrue(mod_msg1, '执行失败:' + text2)
        self.assertTrue(restart_res, '执行失败:' + text2)
        self.log.info(f'-----{os.path.basename(__file__)} end-----')
